Monthly Archive: March 2002

IIS 4.0 does not properly restrict access for the initial session request from a user’s IP address if the address does not resolve to a DNS domain, aka the "Domain Resolution" vulnerability. Date published...

Netscape Communicator 4.7 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long certificate key. Date published : 2002-03-09 http://www.securiteam.com/exploits/Netscape_4_7_and_earlier_vulnerable_to__Huge_Key__DoS.html https://exchange.xforce.ibmcloud.com/vulnerabilities/3436

IIS 3.0 allows remote attackers to cause a denial of service via a request to an ASP page in which the URL contains a large number of / (forward slash) characters. Date published :...

Netbt.sys in Windows NT 4.0 allows remote malicious DNS servers to cause a denial of service (crash) by returning 0.0.0.0 as the IP address for a DNS host name lookup. Date published : 2002-03-09...

LOGIN.EXE program in Novell Netware 4.0 and 4.01 temporarily writes user name and password information to disk, which could allow local users to gain privileges. Date published : 2002-03-09 http://www.cert.org/advisories/CA-1993-12.html http://ciac.llnl.gov/ciac/bulletins/d-21.shtml

The asynchronous I/O facility in 4.4 BSD kernel does not check user credentials when setting the recipient of I/O notification, which allows local users to cause a denial of service by using certain ioctl...

Vulnerability in scoterm in SCO OpenServer 5.0 and SCO Open Desktop/Open Server 3.0 allows local users to gain root privileges. Date published : 2002-03-09 http://marc.info/?l=bugtraq&m=88131151000069&w=2 http://www.cert.org/vendor_bulletins/VB-97.14.scoterm

Buffer overflow in ping in AIX 4.2 and earlier allows local users to gain root privileges via a long command line argument. Date published : 2002-03-09 http://marc.info/?l=bugtraq&m=87602661419330&w=2 http://marc.info/?l=bugtraq&m=87602661419337&w=2

nettune in HP-UX 10.01 and 10.00 is installed setuid root, which allows local users to cause a denial of service by modifying critical networking configuration information. Date published : 2002-03-09 http://marc.info/?l=bugtraq&m=87602167419195&w=2

Check Point Firewall-1 does not properly handle certain restricted keywords (e.g., Mail, auth, time) in user-defined objects, which could produce a rule with a default "ANY" address and result in access to more systems...

Multilink PPP for ISDN dialup users in Ascend before 4.6 allows remote attackers to cause a denial of service via a spoofed endpoint identifier. Date published : 2002-03-09 http://marc.info/?l=bugtraq&m=91868964203769&w=2 http://marc.info/?l=bugtraq&m=91888117502765&w=2

BuildDisk program on NeXT systems before 2.0 does not prompt users for the root password, which allows local users to gain root privileges. Date published : 2002-03-09 http://www.securityfocus.com/bid/11 http://www.cert.org/advisories/CA-1990-06.html

TIOCCONS in SunOS 4.1.1 does not properly check the permissions of a user who tries to redirect console output and input, which could allow a local user to gain privileges. Date published : 2002-03-09...

chroot in Digital Ultrix 4.1 and 4.0 is insecurely installed, which allows local users to gain privileges. Date published : 2002-03-09 http://www.securityfocus.com/bid/17 http://www.cert.org/advisories/CA-1991-05.html